Gusa2727
Contributor

VPN Site to Site Statically NATed IP address

Hi,

I am trying to set up an S2S tunnel between two Checkpoints managed by the same SMS (R80.10), but one of them is using a private IP as WAN to connect with the ISP. The ISP then routes the public IP to our private IP on the Checkpoint. I am using the Link Selection type "Statically NATed IP", and I have set there the public IP I would like to use to form the packet. The problem I am seeing is that the tunnel does not come up and I cannot see traffic related to the IPsec tunnel with tcpdump. Any idea what could be happening? I could make a small diagram if you need it. Thank you very much.

0 Kudos
3 Replies
PhoneBoy
Admin

That could mean the traffic isn't getting to the gateway at all.
Which makes this an upstream issue.
Can you confirm IPSEC traffic is leaving the remote gateway?
0 Kudos
carp3di3m
Explorer

I am having the same issue. The VPN works when I have the Main IP activated. But when I then change it to Statically NATed IP the VPN drops and doesn't work.

Nothing shows up in the logs, except that the VPN debug then shows "Peer Name: Unknown".

 

0 Kudos
_Val_
Admin

From sk32664:

Before R80.10, Check Point "Maintrain" Security Gateways did not support initiating IKE propositions over NAT-T.

A Security Gateway will accept and support proposals for industry UDP encapsulation behind port 4500, but will never initiate a proposal, unlike 600, 1100, 1200R and VPN-1 Edge Appliances that do support initiating IKE propositions over NAT-T.

 

0 Kudos